CVE-2025-48378 – DNN XSS Through SVG Upload

May 23, 2025

CVE ID : CVE-2025-48378

Published : May 23, 2025, 4:15 p.m. | 2 hours, 37 minutes ago

Description : DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.13.9 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2023-34873 – MOBOTIX Camera Remote Code Execution Vulnerability

Next Article CVE-2025-48377 – DNN Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-48378 – DNN XSS Through SVG Upload

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47568 – ZoomSounds Deserialization Object Injection Vulnerability

I revisited the iPhone SE in 2025, and it got me excited for everything but itself

Researchers Accidentally Discover Bypass in Self-Service Check-In System of Hotel

Use zero-shot large language models on Amazon Bedrock for custom named entity recognition

FlashSpeech: A Novel Speech Generation System that Significantly Reduces Computational Costs while Maintaining High-Quality Speech Output

Open Contracts: The Free and Open Source Document Analytics Platform

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts

Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Exploring the Default Tiling Windows Feature in Ubuntu 24.04 (and Enhancing it)

CVE-2025-48378 – DNN XSS Through SVG Upload

Related Posts